This is such a widespread problem with so many applications that I always
prefer using STunnel (stunnel.org) rather than an application's built-in SSL
features. Many apps do not properly restrict--despite my many
complaints--the use of insecure ciphers and SSL/TLS versions, they use
self-signed cert...